Teacher
Taiwan is a new battlefield in the global cyber war.
The Chinese hacker group Earth Lusca has once again found itself in the spotlight thanks to a recent report by Trend Micro specialists, who revealed the latest tactics used by these attackers, as well as their interests at the global level.
In a recent campaign, the Earth Lusca group used documents related to Sino-Taiwanese relations as bait to spread malware. This operation, which took place from December 2023 to January 2024, preceded the national elections in Taiwan, indicating a particularly keen interest in the political processes in the region.
The campaign is characterized by a complex chain of infection, starting with seemingly harmless Microsoft Word and PowerPoint documents, as well as PDF files containing malicious JavaScript code.
This code sequentially unpacks nested archives and eventually loads a malicious DLL through a legitimate file disguised as software from the Chinese company Qihoo 360. This allows attackers to gain remote control over infected systems.
Particularly troubling is the discovery of links between Earth Lusca and the Chinese company I-Soon, which we recently reported separately. The similarity in attack methods, geography, and victim selection points to potential collaboration between these organizations. It seems that the boundaries between legitimate and state-supported hacking operations are gradually blurring.
Earth Lusca attacks are increasingly targeting government agencies, think tanks, and experts who influence Taiwan's political climate, which can have global implications, affecting trade agreements, diplomatic relations, and even defense strategies.
In light of these threats, the importance of cybersecurity awareness, timely system updates, and compliance with best practices in this area cannot be overemphasized. These measures are key to protecting sensitive information and maintaining the security of operations in the face of the growing threat posed by state-backed hackers from different countries.